Techniques for protecting traffic in communication networks are the object of ever-growing interest, also in relation to users' greater mobility.
Nowadays, it is common practice for companies to interconnect their sites by means of public networks, typically packet switched networks like the Internet.
To reduce the risk of compromising the traffic that transits on these networks, numerous protocols have been standardised which are able to safeguard the confidentiality, the authentication and the integrity of the traffic.
Most of these protocols use cryptographic algorithms aimed at reducing the risk that the information comprising the exchanged traffic may be compromised or altered in unauthorised fashion.
In fact, the use of cryptography transforms a public network into a virtual private network (VPN), making it possible to protect the transmitted information so that only authorised entities can make use of it.
In the literature, numerous protocols are described which are able to offer the characteristics of confidentiality, authentication and traffic integrity.
Among these protocols, of particular importance is the IPsec framework, promoted by the Internet Engineering Task Force in “IP Security Protocol (IPsec)”. The IPsec framework comprises numerous protocols able to offer, at the IP layer, security services such as: authentication of the involved parties, confidentiality, integrity, and authentication of the traffic as well as protection against the repetition of packets transmitted in previous communications (so-called replay attacks).
Other protocols used for the implementation of a VPN are the protocols, integrated today in any browser or mail client, known as Secure Socket Layer (SSL), a de facto standard promoted by the Netscape Corporation in “SSLv3 Protocol Specification”, and Transport Layer Security (TLS), an evolution of the SSL protocol promoted by the Internet Engineering Task Force (IETF) in RFC 2246, “TLS Version 1.0”, January 1999.
There is also the Secure Shell protocol (SSH), also promoted by the Internet Engineering Task Force in “Secure Shell (secsh)”. The Secure Shell protocol, together with the two previous ones, is also used to secure, by means of “port forwarding”, unprotected protocols based on TCP (Transmission Control Protocol) and on UDP (User Datagram Protocol).
Most frameworks/protocols used in VPNs, such as IPsec, SSL, TLS or SSH, include an authentication step and a step of exchanging the cryptographic keys that are used to protect traffic transiting over the network.
These steps are generally implemented through different strategies, the most common of which provide for the use of access passwords or the use of digital certificates.
Moreover, WO-A-01/69838 proposes a method and a related apparatus for securely exchanging keys between mobile terminals operating on a GSM cellular network or on another communication system. When the method is implemented on a GSM cellular communication system, the information stored on the SIM card is used to generate the keys that are exchanged among the mobile terminals and, subsequently, to protect the data transmitted among the mobile terminals during a communication session. The Applicant has observed that this solution entails an exchange of keys in “Diffie-Hellman” mode, characterised by a high computational load.